Cryptographic communications systems seek to ensure both confidentiality and integrity in the delivery of transferred information which may pass over communications channels that can be monitored by eavesdroppers. Such communications channels find widespread use for this purpose and include local area networks and wide area networks such as the Internet. Confidentiality relates to the ability of the communications system to transfer the information from a sender to an intended receiver without eavesdroppers being able to interpret or decipher the transferred message. Integrity relates to the requirement that the intended receiver be provided proof that the transferred information came from the person who claims to have sent it and further that the transferred information has not been altered during transmission.
In general, cryptographic systems include symmetric and asymmetric systems. In a symmetric cryptographic system, the sender and recipient agree to have a common encoding and decoding key which is exchanged and kept secret from the eavesdropper. The key must be exchanged in a secure fashion. In the asymmetric system, also known as the “public-key cryptosystem,” it is not necessary for the sender and recipient to agree upon an enciphering key beforehand. Furthermore, the asymmetric system provides for a manner of creating in a digital document a recognizable, unforgeable, document-dependent, digital signature whose authenticity the signer cannot later deny. This latter feature satisfies the integrity requirement of cryptographic communications systems.
In the asymmetric “public-key cryptosystem,” each user generates a private key/public key pair. Thus, for example, a first user A generates a private key/public key pair (XA, YA) and a second user B generates a private key/public key pair (XB, YB). For each public key Y, the private key X is uniquely determined by the application of an algorithm such as RSA to the private key X. Furthermore, it is computationally infeasible for the eavesdropper to compute the private key X from the public key Y. Each user A and B publishes their respective public keys YA and YB. When user A wishes to send user B a confidential message over an untrusted communications channel, user A looks up user B's public key YB and generates a ciphertext message based upon YB. User B deciphers the ciphertext message by applying XB to the ciphertext. Since XB is not derivable from YB in a practical way, only user B can decipher the message sent to him by user A.
Advantageously, the asymmetric cryptographic system requires that each user post only one public key YA. In contrast, the symmetric system requires that each pair of users share a private key. The asymmetric cryptographic system therefore drastically reduces the number of keys needed and further eliminates the need for the secure and private sharing of private keys.
However, the computations required to implement an asymmetric cryptographic system, such as modular exponentiation in the RSA system, are CPU intensive and therefore expensive. While such computations are practical and can be implemented in software, as a practical matter, more CPU resources are required to validate a purchaser's credit card, for example, than optimally desirable for a merchant having to perform such validation for hundreds of customers at a time.
Currently, cryptography is perceived as a difficult and expensive technology. This thinking has led to system designs and engineering tradeoffs that tend to minimize the use of cryptography, and especially public-key operations. This received wisdom is no longer accepted. In accordance with a preferred embodiment, many influences have made cryptography easier and cheaper. These include the professionalization of cryptography, the creation and distribution of textbooks, the algorithmic advances made by cryptographic researchers and engineers, the rise of e-commerce and wireless infrastructures which have a seemingly endless appetite for cryptographic services, the entry of many young people into the field, and the easing of government export controls.
Key and Encryption Technology
In a public key encryption scheme, cryptographic keys occur in pairs: one of the pair is a private key that is kept confidential, and the other of the pair is a public key that can be made available to anyone. When data is encrypted using one of the keys (either the public key or the private key), the other key must be used to decrypt the data. For example, resource A encrypts data using a private asymmetric cryptographic key belonging to A. Resource A makes the corresponding public asymmetric cryptographic key available publicly. The only key that can properly decrypt the data is the public key corresponding to the private key with which the data was encrypted. When resource B receives the data, it uses resource A's public key to decrypt the data. If the data decrypts properly, resource B is certain that only resource A, the sole holder of the corresponding private key, could have encrypted the data. In this way, resource B knows that the data must have originated from resource A, i.e., that the data purportedly from resource A is authentic.
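Added example (not part of the original text): the key-pair operations described above, written as textbook RSA with a square-and-multiply modular exponentiation that counts modular multiplications, showing why the private-key operation is the CPU-intensive one. The primes, the message and all function names are constructed for illustration; the scheme is unpadded and the modulus far smaller than any deployed key.

```python
# Textbook RSA (no padding) on small constructed values, for illustration only.

def modexp(base, exp, mod):
    """Left-to-right square-and-multiply. Returns (result, modular multiplications)."""
    result, mults = 1, 0
    for bit in bin(exp)[2:]:
        result = (result * result) % mod      # one squaring per exponent bit
        mults += 1
        if bit == "1":
            result = (result * base) % mod    # extra multiply for each 1-bit
            mults += 1
    return result, mults

def make_keypair(p, q, e=65537):
    """Return ((e, n), (d, n)) for primes p, q. pow(e, -1, phi) needs Python 3.8+."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

# Constructed sample primes: the Mersenne primes 2^31-1 and 2^61-1.
P, Q = 2**31 - 1, 2**61 - 1

def demo():
    (e, n), (d, _) = make_keypair(P, Q)
    m = int.from_bytes(b"PAY 100", "big")     # constructed message, smaller than n

    # Confidentiality: anyone encrypts with the public key, only the holder decrypts.
    c, public_mults = modexp(m, e, n)
    decrypted, private_mults = modexp(c, d, n)

    # Authenticity: transform with the private key, check with the public key.
    sig, _ = modexp(m, d, n)
    verified = modexp(sig, e, n)[0] == m
    # An altered signature value no longer maps back to the message.
    forged_verified = modexp((sig + 1) % n, e, n)[0] == m

    return {"message": m, "decrypted": decrypted, "verified": verified,
            "forged_verified": forged_verified,
            "public_mults": public_mults, "private_mults": private_mults}

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The multiplication counts grow with the bit length of the exponent, so the gap between the public and private operation widens as the modulus grows.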
Special purpose hardware devices are available to perform modular exponentiation. These hardware devices have traditionally been packaged for use with discrete servers. Alternatively, the devices are integrated onboard the server. In this manner cryptographic computations may be accelerated. The purchase and installation of these hardware devices is an economically feasible solution to the costly and CPU intensive computational requirements of public key cryptography for users having an extensive customer base and sufficient capital. However, this solution is not practical for users who lack these criteria and yet require quick computation of public-key operations.
Therefore, what is needed is a system by which users lacking sufficient resources to purchase special purpose hardware devices for performing cryptographic computations can economically purchase a service for providing such computations. Preferably, the cryptographic services are deliverable over the Internet and outperform similar operations performed by a standalone device in software, taking into account network latencies. Also, offloading the cryptographic operations frees up the user's computer to perform other tasks.